Lanie Carmelo

I had a scary experience with my website that I want to share as a warning. I asked for help making my WordPress site look better in a LinkedIn group, and someone offered to assist, saying it wasn’t responsive. I gave them admin access, but after just one day, I found changes I didn’t make. New pages I didn’t recognize had been created, my menus were altered, and my logo was removed. Thankfully, they didn’t delete anything! They’d only hidden my pages and menus, so I was able to restore everything. I’ve now removed their access. I think this person may have been trying to take over my site.

This was after only 1 day—who knows what they might have done with more time? Please, be extremely cautious about who you trust with admin access to your site, even if they seem helpful. Lesson learned the hard way!

#WordPress #WebSecurity #ScamAlert #WebsiteSafety #CyberSecurity #ProtectYourWebsite #Accessibility #TechForGood #Tech #Technology

Dec 9, 2024 at 4:36amWeb
Show threadHerbie AllenDec 9, 2024
@RareBird15 Um, honestly? I would not give someone I didn't know admin access to anything. Especially on Social Media. Just my opinion.
Show threadLanie CarmeloDec 9, 2024
@hallen Well, I thought since it was on LinkedIn in a group for WordPress users, I'd be able to trust the person. They said my site wasn't responsive on mobile and I wanted to make sure it looked good. Lol I've learned my lesson now though.
Show threadSvenjaDec 9, 2024
@hallen @RareBird15 same here.
Show threadJonathan😪Dec 9, 2024
@RareBird15 I understand that it's not easy to make such a website, especially with sighted people in mind as well, but that's why you don't give random people admin access, to anything, anytime. No matter what they say lol.
Show threadthreadiDec 9, 2024
@RareBird15 I would recommend that you restore the project from a backup. This is because, in addition to the things that are visible to you, they could also have installed malware. You can scan for this with Wordfence, for example, but if it is really there, a backup is often the only thing that helps. Check whether they have created other users with which they could still have access.
Show threadLanie CarmeloDec 9, 2024
@threadi I just did a scan with WordFence, and it found no issues. They also only had one user account, which I removed. I'm about to look at the backups I have, but I'm not sure I'll have anything old enough. I think UpdraftPlus is set to back up the site every hour or two but only keep the last two backups.
Show threadDB SchweinDec 9, 2024

@RareBird15

Ugh! As someone who frequently offers to look at sites and fix problems this is so frustrating! People like that are making everybody (understandably) more cautious, and yet so many people don't have anyone they can turn to for fixes :-/

Grrrrr.

Looks like you did all the right things to fix what they broke.

I'll suggest as a fix to your unresponsive issue, most current themes are responsive - you can pick the WP default (currently 2024) and apply it to see how your site looks

Show threadLanie CarmeloDec 9, 2024
@deirdrebeth Thanks. I'm using GeneratePress Premium. Just finished making a bunch of changes to undo all the damage they did.